An Architectural Foundation for Security Model Sharing and Reuse

Meland, Per Håkon; Ardi, Shanai; Jensen, Jostein; Rios, Erkuden; Sanchez, Txus; Shahmehri, Nahid; Tøndel, Inger Anne

doi:10.1109/ares.2009.110

Cited by 17 publications

(7 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Concerning the first point, an approach using a security repository concept such as those presented by Meland et al [11] and Ardi et al [25] allows security experts together with legal professionals to share the results of the complex requirements elicitation process. To include a feedback system in such repositories will allow both developers and other security experts to review the requirements, and constantly improve the repository content.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Reusable Security Requirements for Healthcare Applications

Jensen

Tøndel

Jaatun

et al. 2009

2009 International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Healthcare information systems are currently being migrated from paper based journals to fully digitalised information platforms. Protecting patient privacy is thus becoming an increasingly complex task, where several national and international legal requirements must be met. These legal requirements present only high-level goals for privacy protection, leaving the details of security requirements engineering to the developers of electronic healthcare systems.Our objective has been to map legal requirements for sensitive personal information to a set of reusable technical information security requirements. This paper presents examples of such requirements extracted from legislation applicable to the healthcare domain.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Security repositories containing requirements have been suggested by among others Sindre et al [8] and Toval et al [10]. Meland et al [11] have, in the SHIELDS project 2 , defined an architecture for a repository that together with other software security artefacts can contain a security requirements catalogue.…”

Section: Reuse Of Security Requirementsmentioning

confidence: 99%

Reusable Security Requirements for Healthcare Applications

Jensen

Tøndel

Jaatun

et al. 2009

2009 International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…This study in [14] investigates the privacy aspects of attribute sharing in Single Sign-On (SSO) solutions. The researchers examine the process of attribute sharing among multiple service providers in SSO systems and analyze the privacy risks associated with this sharing.…”

Section: Fett Et Al [8]mentioning

confidence: 99%

Analyzing Privacy Implications and Security Vulnerabilities in Single Sign-On Systems: A Case Study on OpenID Connect

Shabi,

Marie

2024

IJACSA

View full text Add to dashboard Cite

Single Sign-On (SSO) systems have gained popularity for simplifying the login process, enabling users to authenticate through a single identity provider (IDP). However, their widespread adoption raises concerns regarding user privacy, as IDPs like Google or Facebook can accumulate extensive data on user web behavior. This presents a significant challenge for privacy-conscious users seeking to restrict disclosure of their online activities to third-party entities. This paper presents a comprehensive study focused on the OpenID Connect protocol, a widely utilized SSO standard. Our analysis delves into the protocol's operation, identifying security flaws and vulnerabilities across its various stages. Additionally, we systematically examine the privacy implications associated with user access to SSO systems. We offer a detailed account of how easily user information can be accessed, shedding light on potential risks. The findings underscore the imperative to address privacy vulnerabilities within SSO infrastructures. We advocate for proactive measures to enhance system security and safeguard user privacy effectively. By identifying weaknesses in the OpenID Connect protocol and its implementations, stakeholders can implement targeted strategies to mitigate risks and ensure the protection of user data. This research aims to foster a more secure and privacy-respecting environment within the evolving landscape of SSO systems.

show abstract

“…The SHIELDS EU project [63] has developed the SHIELDS internet-based Security Vulnerabilities Repository Service (SVRS) which is a VAD to support S3P and other applications [55], [56]. The GOAT tool is compatible with the SVRS and interfaces with it.…”

Section: Research Contributionmentioning

confidence: 99%

An Architectural Foundation for Security Model Sharing and Reuse

Cited by 17 publications

References 3 publications

Reusable Security Requirements for Healthcare Applications

Reusable Security Requirements for Healthcare Applications

Analyzing Privacy Implications and Security Vulnerabilities in Single Sign-On Systems: A Case Study on OpenID Connect

Vulnerability and Risk Analysis Methods and Application in Large Scale Development of Secure Systems

Contact Info

Product

Resources

About